Mercurial allows for tying in keyring configuration for those of us who do not
want to store passwords in plain-text in our .hgrc files or constantly using
First install the Python keyring library by running pip install keyring.
After that is installed, checkout Mercurial keyring repository and add to
$HOME/.hgrc the following:
mercurial_keyring = ~/path/to/mercurial_keyring/mercurial_keyring.py
Next up, configure your repositories, e.g. in the case of Bitbucket I use:
bitbucket.prefix = bitbucket.org/asmodai
bitbucket.username = asmodai
bitbucket.schemes = https
Mercurial keyring will automatically decide on the best keyring to use. On a
FreeBSD system with no Gnome or other systems providing a keyring, if you do
not specify a specific keyring, the system will use the
file ~/.local/share/python_keyring/keyring_pass.cfg. This keyring file
stores the passwords encoded in Base64 in plain-text. This is not quite what
you would want from a security point of view. You can configure which backend
store to use by editing $HOME/.local/share/python-keyring/keyringrc.cfg. To
get a plain-text file with encrypted keys use the following configuration:
This will create the file ~/.local/share/python-keyring/crypted_pass.cfg
after initializing the backend store with a password. Look at the
documentation for keyring on what other configuration options are available.
Note: make sure the PyCrypto dependency is installed with the _fastmath
module. This in turn depends on the gmp library.